During recent research it was identified and established that certain countries are taking this seriously, and have even started to offer and create networks to aid both the public and commercial arenas. Some leaders of Canada’s largest industries are creating a new network to help businesses and the public stay abreast of emerging cyber threats from malware, hackers and online criminals. This was introduced due to some of the recent headlines/stories within the media; Canada ‘failing’ in fight against cybercrime, hacking; this was a report during which it stated that Canada is seen or deemed to be lagging behind the U.S., Britain and other countries in defending citizens and businesses against malicious hackers and cyber-criminals, say numerous groups involved in trying to police the internet. “We’re failing, we’re falling behind,” warns Katherine Thompson of the Canadian Advanced Technology Alliance, one of Canada’s largest private-sector high-tech advocacy groups. “We cannot continue down the path that we’re on right now,” she told CBC News. “We just went through a very long federal election where not one of the major party leaders discussed cyber-security.”
It was divulged that since 2010, Public Safety Canada had allegedly spent $245 million on defending government computer networks, safeguarding critical infrastructure and educating the public, and had already earmarked $142 million over the next five years to tackle cyber-threats — particularly against critical infrastructure. But leaders in Canada’s policing, IT and cyber-security sectors say the federal strategy is focused primarily on national security threats and does little to combat the dramatic growth in email scams, online extortion and breaches at corporate computer networks. One of the biggest and concerning emerging issues within Canada was that they largely in the dark about the scope of cybercrime given the country as no central agency to track online scams and malicious electronic attacks unlike other countries. Also concerning is that there are no federal laws to force companies to disclose hacks, security breaches, thefts of data or money so the general public has incomplete knowledge of which companies have been compromised.
“People having their identity threatened, or having their computers infected, files locked down for ransom, those types of things, the average police station doesn’t know how to respond to that,” says Norm Taylor who leads an executive training program for the Canadian Association of Chiefs of Police. He further stated that “The result is, it’s not being documented. And the public is neither reporting, nor are the police really doing much in the way of outreach to quantify those types of incidents.” He went on further to mention that Canada does have a Spam Reporting Centre and a government run Anti-Fraud Centre but neither is equipped to handle the exploding array of cyber-scams and malware that are targeting home and business computers. An opinion of the author is that certain emerging factors can be identified as a concern for some countries yet in the more sophisticated and technologically cultural awareness countries they may not be deemed as emerging threat.
A good example of this sit that during the spring of 2014, the Canadian Authorities sent 17 police executives on an international study mission to learn how governments in the U.S., Europe, India, Singapore, Australia and New Zealand are grappling with cybercrime. During which the identified “the urgent need to increase reporting of cybercrimes to police,” and pointed to Australia’s ACORN (Australian Cybercrime Online Reporting Network) program as a model for collecting citizen complaints so that police and industry can monitor trends, thwart organized criminal groups and arrange incidents for further investigation. The FBI in the United States also run a similar program title “IC3”, referring to its Internet Crime Complaint Centre, which last year alone received 269,000 complaints about frauds, email scams and online extortion. That included some 4,000 complaints from Canada.
A main factor of concern and emerging thread is that within Canada, “most of the reporting, and almost all of the resolution is happening behind the closed doors of the private sector,” says Taylor. He further stated “So if my credit card is compromised, I’m going to call my bank. My bank is going to take the report, they are going to resolve the issue, and they are going to reimburse me. At no point does the criminal justice system even know that this happened. Whereas now in Australia, you can’t get the bank to reimburse you unless you have an ACORN filing number.”
One of the major threats and emerging concerns is the sharing of the information/knowledge that occurs during and after. “The threat is constantly evolving. The kinds of attacks, viruses and malware are rapidly changing. Nobody has the capability of staying ahead of it all the time,” said John Manley, president of the Canadian Council of Chief Executives.
“Cybersecurity is a major concern for the electricity sector, telecommunications services, government, banking and financial services,” Manley said. “Your service providers are today being attacked be it by criminals, state-sponsored hackers, or others. If you lose those services — you will care. This is for everybody.”
Organised terrorist are expected to continue to expand their technical capabilities which may lead to an increase in cyber-crime and cyber terrorism with domestic groups funded by foreign States to conduct US-based attacks. Cyber-crime as a funding vehicle for Terrorism and also acts as a facilitator / component for a Terrorist attack (Effects-based Operations). Other merging threats are that malware embedded at the hardware / chip level of consumer products will continue to increase with continuous and increased targeted attacks and APT in number and sophistication. With this the sophistication from APT attacks will trickle down to black market malware toolkits.
A new phenomenon is that mobile phone attacks will increase in volume and type which still some individuals have been lucky enough not to experience and little is none about these types of attacks and how frequent they occur. Still one of the leading threats is that of the “Insider Threat” which will continue to grow as new technology is introduced, especially non-company devices, from this attackers are increasingly using outsourced service providers (HR, Procurement, IT, Finance, etc.) as a means to gain access to their victims. Also with the use of comprehensive reconnaissance (network, physical, social) to help navigate victims’ organisation and networks more effectively (e.g. network infrastructure, system administration guides, etc.)
Growth of the Dark Web / Tor Network Law Enforcement has little understanding of these “off the web” networks, how to access them, and the types of activities being conducted there, including:
- Child Pornography
- Trafficking of Drugs, Weapons, Humans
- Child Exploitation
- Sex Tourism
Taking all that into consideration closer to home the common cyber threats still remain the following:
- Phishing: bogus emails asking for security information and personal details
- Webcam manager: where criminals takeover your webcam
- File hijacker: where criminals hijack files and hold them to ransom
- Keylogging: where criminals record what you type on your keyboard
- Screenshot manager: allows criminals take screenshots of your computer screen
- Ad clicker: allows a criminal to direct a victim’s computer to click a specific link
All of these are occurring on a regular and daily basis on more than one occasion and have and can even be done via multiple attacks and sites. It is scary that before we can even concentrate on the emerging threats, we need to gain a clear understanding on the daily and basic threats to the cyber system that we utilise every minute of every day.
Copyright | © 2017 Stephen Langley
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
About the Author
Stephen Langley is an accomplished Senior Security Professional and Brand Protection Manager, who has expertise in compliance related investigations. Stephen holds a degree in UK Law (LLB) that he attained from the Open University and a MSc in Security Management that he obtained from the University of Portsmouth and also various Leadership and Management qualifications.
Other Publications from Stephen
Langley S. (2016). ‘Insider Threat’ in M. Petrigh (ed.) Security and Risk Management: Critical Reflections and International Perspectives, Volume 1 (pp. 37-68). London: Centre for Security Failures Studies Publishing
Subscribe to Stephen’s Articles
Readers who would like to receive an automatic notification every time Stephen Langley publishes a new Article on our Blog can subscribe via FeedBurner, either by email or RSS.
The opinions expressed in this Article are those of the author and do not reflect the opinions of the Centre for Security Failures Studies or its Editors or its Members. Neither the Centre for Security Failures Studies nor the author of this Article guarantee the accuracy or completeness of any information published herein and neither the Centre for Security Failures Studies nor the author shall be responsible for any error, omission, or claim for damages, including exemplary damages, arising out of use, inability to use, or with regard to the accuracy or sufficiency of the information contained in this Article.